How do I configure an NE DDoS protection policy?

Steps
 

Choose Administration→Security→NE DDoS Protection from the NFM-P main menu. The NE DDoS Protection form opens.

Click Create or choose a policy and click Properties. The DDoS Protection Policy (Create|Edit) form opens.

Note: For SAPs and access/network interfaces, click Search to list the default NE DDoS protection policies for Distributed CPU Protection (DCP). Select the appropriate access or network policy and click Properties to modify the default policy if required.

Configure the required parameters.

Note: A default port-type policy does not initially reside in the NFM-P, but is collected from a supporting NE during discovery synchronization. The port-type policy applies only for select port-based protocols, and is applied automatically to all ports when the policy is distributed to a supporting NE.

To configure a static policer, perform the following steps.

  1. Click on the Static Policers tab.

  2. Click Create or choose an entry and click Properties. The Static Policer (Create|Edit) form opens.

  3. Configure the required parameters.

  4. If the Rate Type parameter is set to Kbps, configure the Rate Limit (Kb/s) and Buffer Space (Bytes) parameters in the Kbps panel. You can specify a default value for these parameters by selecting the Default check box.

  5. If the Rate Type parameter is set to Packets, configure the Rate Limit (packets), Time Limit (seconds), and Initial Delay (packets) parameters in the Packets panel. You can specify a default value for the Rate Limit (packets) parameter by selecting the Default check box.

  6. Configure the Exceed Action parameter. If you set this parameter to Discard or Low Priority, configure the Hold Down Duration (seconds) parameter.

  7. Click OK. The Static Policer form closes.

Repeat Step 4 to configure an additional static policer, if required.

To configure a local monitoring policer, perform the following steps.

  1. Click on the Local Monitoring Policer tab.

  2. Click Create or choose an entry and click Properties. The Local Monitoring Policer (Create|Edit) form opens.

  3. Configure the required parameters.

  4. If the Rate Type parameter is set to Kbps, configure the Rate Limit (Kb/s) and Buffer Space (Bytes) parameters in the Kbps panel. You can specify a default value for these parameters by selecting the Default check box.

  5. If the Rate Type parameter is set to Packets, configure the Rate Limit (packets), Time Limit (seconds), and Initial Delay (packets) parameters in the Packets panel. You can specify a default value for the Rate Limit (packets) parameter by selecting the Default check box.

  6. Configure the Exceed Action parameter.

  7. Click OK. The Local Monitoring Policer form closes.

Repeat Step 6 to configure an additional local monitoring policer, if required.

To configure protocol mappings for policers, perform the following steps.

  1. Click on the Protocols tab.

  2. Click Create or select an entry and click Properties. The Protocols (Create|Edit) form opens.

  3. Configure the required parameters.

  4. Select a policer in the Enforcement panel.

    Note: If the Type parameter is set to Static, you must choose a static policer. If the Type parameter is set to Shared, you must choose a shared policer. If the Type parameter is set to Dynamic, you must choose a local monitoring policer. However, if the Type parameter is set to Dynamic and the Local Monitoring Bypass parameter is enabled, you cannot specify a local monitoring policer.

  5. If the Rate Type parameter is set to Kbps, configure the Rate Limit (Kb/s) and Buffer Space (Bytes) parameters in the Kbps panel. You can specify a default value for these parameters by selecting the Default check box.

  6. If the Rate Type parameter is set to Packets, configure the Rate Limit (packets), Interval (seconds), and Initial Delay (packets) parameters in the Packets panel. You can specify a default value for the Rate Limit (packets) parameter by selecting the Default check box.

  7. Configure the Exceed Action parameter. If you set this parameter to Discard or Low Priority, configure the Hold Down Duration (seconds) parameter.

  8. Save your changes and close the form.

Repeat Step 8 to configure an additional protocol, if required.

10 

Click Apply to save the changes.

11 

Distribute the policy to NEs, as required.

12 

Close the open forms.

End of steps